This exploit is a proof of concept for a denial of service vulnerability in MP4 Converter 3.25.22. The vulnerability is triggered when a user attempts to add a preset with a large name. The user must copy the text from the generated MP4Converter.txt file to the clipboard, open MP4 Converter, select 'Options' > 'Video/Audio Formats', click 'Add Preset', paste the clipboard contents into the 'Name' field, click 'OK' and click 'Reset All'. This will cause the application to crash.
Pasteshr is a script which allows users to store any text online for easy sharing. The vulnerability is a SQL injection which can be exploited by passing malicious payloads in the keyword parameter of the GET request. The attack pattern is '%27/**/RLIKE/**/(case/**/when/**//**/9494586=9494586/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='.
TwistedBrush Pro Studio 24.06 is prone to a denial-of-service vulnerability when the application attempts to open a specially crafted '.srp' file. An attacker can exploit this vulnerability to crash the application, denying service to legitimate users.
TwistedBrush Pro Studio 24.06 is vulnerable to a denial of service attack when a specially crafted file is opened in the 'Script Recorder' feature. An attacker can create a file containing 500000 'A' characters and paste it into the 'Description' field of the 'Script Recorder' feature, which will cause the application to crash.
TwistedBrush Pro Studio 24.06 is vulnerable to a denial of service attack when a specially crafted string is pasted into the 'New Width/New Height' field of the 'Resize Image...' menu. This causes the application to crash.
Selfie Studio 2.17 is vulnerable to a denial of service attack when a specially crafted string is pasted into the 'New Width/New Height' field of the 'Resize Image...' option. When the 'OK' button is clicked, the application crashes.
The security vulnerability can be exploited by local authenticated attackers. There is no input validation on the POST Form Data Parameter 'configRestore' and the Form Data Parameter 'configServerip' (the inputs are passed directly to the TFTP command), which allows attackers to execute arbitrary Operating System Commands on the device for malicious purposes. The attacker has to know the credentials in order to access the Panel.
SalesERP v.8.1 is vulnerable to SQL Injection. Attackers can inject malicious SQL queries via the 'customer_id' and 'product_id' parameters in the POST request. The attack pattern used is '%27/**/oR/**/4803139=4803139/**/aNd/**/%276199%27=%276199'. This can be used to gain unauthorized access to the database.
An SQL injection vulnerability has been identified in the web "activities API". An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if OpenProject is configured not to require authentication for API access.
V8 is vulnerable to an out-of-bounds read when calling Array.includes and Array.indexOf. This occurs when the array is changed to dictionary mode before the inlined function call, allowing the CSA builtin to read data out-of-bounds.